General

  • Target

    MT Lesley CT.Tar

  • Size

    693KB

  • Sample

    250120-g6tr5awjdv

  • MD5

    410a931567f715fe9704a14091e51242

  • SHA1

    16925f1d1299d5d2d678b87a2a4df1a226754839

  • SHA256

    9b4b49505a77593a84b8e160f43134d76e63a7b0e8ad26619d3a60f6cf51ad0d

  • SHA512

    e7271dfa0d7f5fea8d7f0e6795ca4053f5a58952fe6a8371662b62eea9dcb651a56848afa91b2bef7e16067dc2412049e8f105e0034c0095bab1f52bb8c3e52c

  • SSDEEP

    12288:Fl4rqRnePmoCeER2oUV5hGZoqsf8yCwb1wWEdTK5e2AhMbwWtEpShHHW4oQoB2QP:8rKhoCeERPSrX8G1fEdTKa+fhHHWj4S9

Malware Config

Targets

    • Target

      MT Lesley CT.Tar

    • Size

      693KB

    • MD5

      410a931567f715fe9704a14091e51242

    • SHA1

      16925f1d1299d5d2d678b87a2a4df1a226754839

    • SHA256

      9b4b49505a77593a84b8e160f43134d76e63a7b0e8ad26619d3a60f6cf51ad0d

    • SHA512

      e7271dfa0d7f5fea8d7f0e6795ca4053f5a58952fe6a8371662b62eea9dcb651a56848afa91b2bef7e16067dc2412049e8f105e0034c0095bab1f52bb8c3e52c

    • SSDEEP

      12288:Fl4rqRnePmoCeER2oUV5hGZoqsf8yCwb1wWEdTK5e2AhMbwWtEpShHHW4oQoB2QP:8rKhoCeERPSrX8G1fEdTKa+fhHHWj4S9

    • Score

      1/10

    • Target

      MF-HF malfunction LOG Report,PDF.cmd

    • Size

      2.7MB

    • MD5

      52c4a6ab8615c5f10087756a5506a81d

    • SHA1

      4edc7261d4b1f624d94099071e5752fbc5864fae

    • SHA256

      b7aa6671b0d47e966e51c97c069edff139d312e7707ffbc22fb2392b3004021a

    • SHA512

      b542b3b361dac98ac1db9517aeac1bfec3dab4f3439729f466a225550e1c0b486bf662989bc15f51d25842fedca09087105bd81a48a13a9632f0167375ce39ef

    • SSDEEP

      24576:ybei0ej3l3KRE+5WyHCN51BPTjF0Sj2dkucbo0063u9wN6UFfbDXRCDy:ybeiJjERE+q51SdvmYUz

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks